Securing the Connected Car

Journal article, 2018

A new era is upon us — an era where Internet connectivity is available everywhere and at all times. Cars have become very complex computer systems with about 100 million lines of code and more than 100 electronic control units (ECUs) interconnected to control everything, including steering, acceleration, brakes, and other safety-critical systems. However, cars were never created with Internet connectivity in mind, and adding this connectivity as an afterthought raises many security concerns. As a result, a security-enhancing approach that considers the entire process from product development to market introduction is required.

This article suggests using a methodology known as start, predict, mitigate, and test (SPMT). Its purpose is to predict and mitigate vulnerabilities in vehicles using a systematic approach for security analysis specifically adapted for vehicles. The SPMT methodology builds on existing methodologies and models that are applicable to different phases in a vehicle’s life cycle as well as on new ideas. Unlike other methods, however, the SPMT methodology covers a vehicle’s entire life cycle, which results in security and safety enhancements, something that cannot be achieved by existing methodologies.